Native Airtable
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: native-airtable
Version: 0.1.0

The skill is designed to interact with the Airtable API, and its `SKILL.md` instructions are benign. However, the `scripts/airtable.py` file contains a vulnerability in the `cmd_search_records` function. User-provided `query` and `field` arguments are embedded directly into an Airtable formula string without proper sanitization, which could lead to an Airtable formula injection. This vulnerability could allow an attacker to manipulate the search query on the Airtable server, potentially leading to unintended data access or API errors, though it does not pose a direct risk of RCE or data exfiltration from the local system.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A broadly scoped token could let the agent retrieve sensitive Airtable business, customer, or project records during normal use.
The skill requires an Airtable personal access token with schema and record read permissions; if the user grants access to all bases, the agent can read data from every base covered by that token.
Add scopes:
- `data.records:read`
- `schema.bases:read`
...
Under **Access**, select which bases to grant access to (or all)
Create a dedicated Airtable PAT with only the listed read-only scopes and grant it access only to the specific bases needed; revoke or rotate it when no longer needed.
